02c4553c4a782f664b9d47a1e52e9f29

Sharing

Copy URL

Twitter E-mail

General

Target

02c4553c4a782f664b9d47a1e52e9f29
Size

2.3MB
MD5

02c4553c4a782f664b9d47a1e52e9f29
SHA1

394a616fea616406c3ab12f40acf59332500d7ee
SHA256

228db4eac5d27e4a4debc380f5443ee20d5f75f39418a30889ff80ad5338ee79
SHA512

6b5026d4822c60732d6c565061ac2d822095eab2ce411b68109d39086fb85bfb319a40e22e6711672e598e6477a755944a2477b45cdb95370864add27f861bbd
SSDEEP

49152:o4erXlb7BZfdsB1icGIhrZ8pqSjO/CRctRYQdYRAS3JcU76TR84BXpPKvD3odEaO:4ZfW1BGID83S/CRkFYRNh2VBMv7odE9f

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
sample	vmprotect

Files

02c4553c4a782f664b9d47a1e52e9f29
.exe windows:5 windows x86 arch:x86

5465b810fd0d92a7f8145eb2b3e47b15

Code Sign

3b:4f:9a:8b:40:f3:03:c8:aa:d1:d7:7b:2a:2b:46:74
Certificate

Issuer

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

11-02-2015 00:00

Not After

11-02-2016 23:59

Subject

CN=BrowserAir (GOOBZO LTD),O=BrowserAir (GOOBZO LTD),POSTALCODE=31905,STREET=Bldg #15 Matam,L=Haifa,ST=Haifa,C=IL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

27:66:ee:56:eb:49:f3:8e:ab:d7:70:a2:fc:84:de:22
Certificate

Issuer

CN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE

Not Before

30-05-2000 10:48

Not After

30-05-2020 10:48

Subject

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af
Certificate

Issuer

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

09-05-2013 00:00

Not After

08-05-2028 23:59

Subject

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

9f:ea:c8:11:b0:f1:62:47:a5:fc:20:d8:05:23:ac:e6
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

05-05-2015 00:00

Not After

31-12-2015 23:59

Subject

CN=COMODO Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

07:39:c3:53:f8:aa:bc:2f:80:19:2e:9c:93:bc:38:be:43:87:0e:79
Signer

Actual PE Digest

07:39:c3:53:f8:aa:bc:2f:80:19:2e:9c:93:bc:38:be:43:87:0e:79

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetVersionExW
InitializeCriticalSection
GetModuleFileNameW
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

user32

MsgWaitForMultipleObjectsEx

ws2_32

send

gdi32

CreateFontW

oleacc

AccessibleChildren

advapi32

RegCloseKey

shell32

ShellExecuteExW

ole32

CoInitializeEx

oleaut32

VariantClear

comctl32

InitCommonControlsEx

psapi

GetModuleFileNameExW

crypt32

CertCloseStore

version

VerQueryValueW

iphlpapi

GetNetworkParams

winhttp

WinHttpGetIEProxyConfigForCurrentUser

wininet

HttpSendRequestExW

Sections

.text
Size: - Virtual size: 548KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 221KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: - Virtual size: 1.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp1
Size: 2.2MB - Virtual size: 2.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 176B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 38KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

5465b810fd0d92a7f8145eb2b3e47b15

Code Sign

3b:4f:9a:8b:40:f3:03:c8:aa:d1:d7:7b:2a:2b:46:74Certificate

Extended Key Usages

Key Usages

27:66:ee:56:eb:49:f3:8e:ab:d7:70:a2:fc:84:de:22Certificate

Key Usages

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:afCertificate

Extended Key Usages

Key Usages

9f:ea:c8:11:b0:f1:62:47:a5:fc:20:d8:05:23:ac:e6Certificate

Extended Key Usages

Key Usages

07:39:c3:53:f8:aa:bc:2f:80:19:2e:9c:93:bc:38:be:43:87:0e:79Signer

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

ws2_32

gdi32

oleacc

advapi32

shell32

ole32

oleaut32

comctl32

psapi

crypt32

version

iphlpapi

winhttp

wininet

Sections

.text Size: - Virtual size: 548KB

.rdata Size: - Virtual size: 221KB

.data Size: - Virtual size: 23KB

.vmp0 Size: - Virtual size: 1.9MB

.vmp1 Size: 2.2MB - Virtual size: 2.2MB

.reloc Size: 512B - Virtual size: 176B

.rsrc Size: 38KB - Virtual size: 37KB

3b:4f:9a:8b:40:f3:03:c8:aa:d1:d7:7b:2a:2b:46:74
Certificate

27:66:ee:56:eb:49:f3:8e:ab:d7:70:a2:fc:84:de:22
Certificate

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af
Certificate

9f:ea:c8:11:b0:f1:62:47:a5:fc:20:d8:05:23:ac:e6
Certificate

07:39:c3:53:f8:aa:bc:2f:80:19:2e:9c:93:bc:38:be:43:87:0e:79
Signer

.text
Size: - Virtual size: 548KB

.rdata
Size: - Virtual size: 221KB

.data
Size: - Virtual size: 23KB

.vmp0
Size: - Virtual size: 1.9MB

.vmp1
Size: 2.2MB - Virtual size: 2.2MB

.reloc
Size: 512B - Virtual size: 176B

.rsrc
Size: 38KB - Virtual size: 37KB